changes the sb_type field in the scoreboard. Since unprivileged
children should not be able to affect the parent in this way, this is
treated as a Low severity security issue.
Thanks to "halfdog" <me halfdog.net> for reporting this issue.
* include/scoreboard.h (global_score): Remove sb_type field.
* include/ap_mmn.h: Bump MMN for above.
* server/scoreboard.c (ap_cleanup_scoreboard, ap_create_scoreboard):
Use a static global to store store the scoreboard type.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@
1230065 13f79535-47bb-0310-9956-
ffa450edef68
* ap_proxy_table_unmerge(), proxy_lb_workers.
* 20111203.1 (2.5.0-dev) Add ap_list_provider_groups()
* 20120109.0 (2.5.0-dev) Changes sizeof(overrides_t) in core config.
+ * 20120111.0 (2.5.0-dev) Remove sb_type from global_score.
*/
#define MODULE_MAGIC_COOKIE 0x41503234UL /* "AP24" */
#ifndef MODULE_MAGIC_NUMBER_MAJOR
-#define MODULE_MAGIC_NUMBER_MAJOR 20120109
+#define MODULE_MAGIC_NUMBER_MAJOR 20120111
#endif
#define MODULE_MAGIC_NUMBER_MINOR 0 /* 0...n */
typedef struct {
int server_limit;
int thread_limit;
- ap_scoreboard_e sb_type;
ap_generation_t running_generation; /* the generation of children which
* should still be serving requests.
*/
AP_DECLARE_DATA scoreboard *ap_scoreboard_image = NULL;
AP_DECLARE_DATA const char *ap_scoreboard_fname = NULL;
+static ap_scoreboard_e scoreboard_type;
const char * ap_set_scoreboard(cmd_parms *cmd, void *dummy,
const char *arg)
if (ap_scoreboard_image == NULL) {
return APR_SUCCESS;
}
- if (ap_scoreboard_image->global->sb_type == SB_SHARED) {
+ if (scoreboard_type == SB_SHARED) {
ap_cleanup_shared_mem(NULL);
}
else {
ap_init_scoreboard(sb_mem);
}
- ap_scoreboard_image->global->sb_type = sb_type;
+ scoreboard_type = sb_type;
ap_scoreboard_image->global->running_generation = 0;
ap_scoreboard_image->global->restart_time = apr_time_now();
projects / apache / commitdiff